Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing optional okta_api_key crashed the sync process #293

Closed
khanhldt opened this issue Apr 29, 2020 · 1 comment · Fixed by #295
Closed

Missing optional okta_api_key crashed the sync process #293

khanhldt opened this issue Apr 29, 2020 · 1 comment · Fixed by #295

Comments

@khanhldt
Copy link
Contributor

khanhldt commented Apr 29, 2020
edited
Loading

Title: Run cartography CLI without Okta API key failed the sync process.

Description:

All sync targets are supposed to be optional. The CLI should finish the execution without crash when either option --okta-api-key-env-var or --okta-org-id is not provided.

To Reproduce:

AWS_PROFILE=.. cartography

Logs:

INFO:cartography.sync:Starting sync with update tag '1588113605'
INFO:cartography.sync:Starting sync stage 'create-indexes'
INFO:cartography.intel.create_indexes:Creating indexes for cartography node types.
INFO:cartography.sync:Finishing sync stage 'create-indexes'
INFO:cartography.sync:Starting sync stage 'aws'
...
INFO:cartography.sync:Finishing sync stage 'aws'
INFO:cartography.sync:Starting sync stage 'gcp'
INFO:oauth2client.client:Timeout attempting to reach GCE metadata service.
ERROR:cartography.intel.gcp:Unable to initialize Google Compute Platform creds. If you don't have GCP data or don't want to load GCP data then you can ignore this message. Otherwise, the error code is: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information. Make sure your GCP credentials are configured correctly, your credentials file (if any) is valid, and that the identity you are authenticating to has the securityReviewer role attached.
INFO:cartography.sync:Finishing sync stage 'gcp'
INFO:cartography.sync:Starting sync stage 'gsuite'
ERROR:cartography.intel.gsuite:Unable to initialize GSuite creds. If you don't have GSuite data or don't want to load Gsuite data then you can ignore this message. Otherwise, the error code is: The parameter passed to the from_stream() method should point to a file. Make sure your GSuite credentials are configured correctly, your credentials file (if any) is valid. For more details see README
INFO:cartography.sync:Finishing sync stage 'gsuite'
INFO:cartography.sync:Starting sync stage 'crxcavator'
WARNING:cartography.intel.crxcavator:CRXcavator import is not configured - skipping this module. See docs to configure.
INFO:cartography.sync:Finishing sync stage 'crxcavator'
INFO:cartography.sync:Starting sync stage 'okta'
ERROR:cartography.sync:Unhandled exception during sync stage 'okta'
Traceback (most recent call last):
  File "/Users/kledo/src/cartography/cartography/sync.py", line 71, in run
    stage_func(neo4j_session, config)
  File "/Users/kledo/src/cartography/cartography/util.py", line 58, in timed
    return method(*args, **kwargs)
  File "/Users/kledo/src/cartography/cartography/intel/okta/__init__.py", line 40, in start_okta_ingestion
    if not config.okta_api_key:
AttributeError: 'Namespace' object has no attribute 'okta_api_key'
Traceback (most recent call last):
  File "/Users/kledo/.virtualenvs/cartographyenv/bin/cartography", line 11, in <module>
    load_entry_point('cartography', 'console_scripts', 'cartography')()
  File "/Users/kledo/src/cartography/cartography/cli.py", line 297, in main
    return CLI(default_sync, prog='cartography').main(argv)
  File "/Users/kledo/src/cartography/cartography/cli.py", line 277, in main
    return cartography.sync.run_with_config(self.sync, config)
  File "/Users/kledo/src/cartography/cartography/sync.py", line 145, in run_with_config
    return sync.run(neo4j_driver, config)
  File "/Users/kledo/src/cartography/cartography/sync.py", line 71, in run
    stage_func(neo4j_session, config)
  File "/Users/kledo/src/cartography/cartography/util.py", line 58, in timed
    return method(*args, **kwargs)
  File "/Users/kledo/src/cartography/cartography/intel/okta/__init__.py", line 40, in start_okta_ingestion
    if not config.okta_api_key:
AttributeError: 'Namespace' object has no attribute 'okta_api_key

Please complete the following information::

  • Cartography release version or commit hash: 970ab87
  • Python version: 3.7.7

Additional context:

Looks like okta_api_key should have been set to None in the else clause here: https://github.com/lyft/cartography/blob/master/cartography/cli.py#L253.
@marco-lancini
Copy link
Contributor

Might be related to #202, #215

khanhldt pushed a commit that referenced this issue Apr 29, 2020
@kledo-lyft
Set okta_api_key to None when not configured. Corrected the log for C…
68abae2 
…RXcavator (#293)
@khanhldt khanhldt mentioned this issue Apr 29, 2020
Merged
achantavy pushed a commit that referenced this issue Apr 30, 2020
@khanhldt
#293 Fix issue with optional Okta sync (#295)
2603f46 
* Set okta_api_key to None when not configured. Corrected the log for CRXcavator (#293)

* Update setup step for JAVA_HOME and Neo4j auth setting when testing locally. Replaced tabs with spaces
@khanhldt khanhldt linked a pull request Apr 30, 2020 that will close this issue
#293 Fix issue with optional Okta sync #295
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#293 Fix issue with optional Okta sync cartography-cncf/cartography
2 participants
@marco-lancini @khanhldt